bafc4e633fbdbee7dd5f65fab1a628e1

Sharing

Copy URL Twitter E-mail

General

Target

bafc4e633fbdbee7dd5f65fab1a628e1
Size

128KB
MD5

bafc4e633fbdbee7dd5f65fab1a628e1
SHA1

5863e414615a7b2d7a58c424e6b65e584b2da3ed
SHA256

d47072896e88d36dd0e725bc452b84941b7cc1b0e323696b72dec7176ad95b07
SHA512

52f3bb11b5ca416c9028307d9d713dcb0379be94e2c6c53b91a2960ad3af801867370f2bfa40cbcebfb23de94adbb7fa3fc3196dfb8f402db223efb1f700ada4
SSDEEP

768:lRxlBcwS2UzmGbostKz3aZeHIAeXc2kbJaLB8qt:lHDU28oeSoAeXcat

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bafc4e633fbdbee7dd5f65fab1a628e1

Files

bafc4e633fbdbee7dd5f65fab1a628e1
.exe windows:4 windows x86 arch:x86

a7085863df39b7dd1eea85471205e65d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
Sleep
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentThreadId
CreateThread
CreateMutexA
LCMapStringA
DeleteFileA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
SetStdHandle
WritePrivateProfileStringA
GetTempPathA
GetTempFileNameA
GetWindowsDirectoryA
GetPrivateProfileStringA
OpenFile
GetLastError
GetFileSize
CreateFileA
ReadFile
WriteFile
SetEndOfFile
CloseHandle
LCMapStringW
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
FlushFileBuffers
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount

user32

DispatchMessageA
CloseDesktop
CloseWindowStation
SetThreadDesktop
MessageBoxA
PostThreadMessageA
OpenDesktopA
TranslateMessage
GetMessageA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation

advapi32

ReportEventA
DeregisterEventSource
ControlService
DeleteService
CreateServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegisterEventSourceA

shell32

ShellExecuteA

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

netapi32

Netbios

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7085863df39b7dd1eea85471205e65d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

netapi32

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 10KB

.erdata Size: 72KB - Virtual size: 72KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 10KB

.erdata
Size: 72KB - Virtual size: 72KB